Workspace ONE UEM can be configured to provide your shift workers, and other roles that share devices, access to corporate resources. Different apps, policies, and branding can be provided based on a users role. To ensure user privacy, certain apps can have their app data cleared between user sessions.
There are two prominent ways to configure your shared devices:
Workspace ONE Launcher VMware Workspace ONE UEM Launcher provides a highly customizable experience for your shift workers. You can add custom branding, set app icon positioning, and configure which device settings they should have access to.
Native Android Using Native Android for shared devices supports simpler use cases that do not require as much customization as Launcher. You can create secondary users, use simple branding, implement restrictions, and limit applications.
This guide assumes you have knowledge of certain workflows in the Workspace ONE UEM console, and have completed certain steps already:
The best option for the shared device use case is to use Work Managed enrollment with device based accounts. This is based on two key assumptions:
Device based accounts is only available when Android EMM is registered using managed Google Accounts.
Device based accounts adds a unique managed Google account on each device, even if the enrollment user is the same. This is important because Google limits how many devices can be used by a single user (limited to 10). With device based accounts, any number of devices can be enrolled with the same user.
To configure device-based accounts in the Workspace ONE UEM console:
Enrolling a device using a multi-user staging account sets up the device for shared use. Once you enable multi user devices, you can check in and check out shared Android devices using native Android capability or Workspace ONE Launcher (see sections below for more information on each option). Additionally, the multi-user staging account simplifies bulk enrollment by enabling you to enroll all your shared devices with this account.
To create a multi-user staging account, follow these steps:
Choose Native or Launcher under Android Shared Device Mode. If you select Launcher, proceed to select Save.
When you select Native, additional settings display to configure Native Android settings.
|System Apps||Allow end users to access system apps|
|Admin Passcode Mode||Specify an alphanumeric passcode to troubleshoot a device in admin mode. Tap the Hub icon on the login screeen 5 times to access admin mode.|
|Confirm Admin Passcode||Reenter admin passcode.|
To ensure that the enrollment is easy to perform in bulk, the best option is to use a QR code. A QR code can be created within the Workspace ONE UEM console that includes server details, group ID and authentication details. By simply scanning the QR code during the out of box setup, the device enrolls without any further interaction.
To create a QR code in the Workspace ONE UEM console:
Connect the device to Wi-Fi prior to enrollment by enabling the Wi-Fi toggle. This enabling action displays the following options.
|SSID||Enter the Service Set Identifier, more commonly known as the name of the Wi-Fi Network.|
|Password||Enter the Wi-Fi password for the entered SSID.|
Configure Organization Group
|Organization Group||Enable and select the organization group to enroll the device into.|
Configure Login Credentials
|Username||Enable to configure login credentials. Enter the username of the staging account created earlier.|
|Password||Enter the corresponding password for the staging user|
You can use this QR code for enrolling your Android devices into Work Managed mode.